Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Here's a corporate motto for you: "Destroying data since 1959." Timothy ran into a company called Garner Products (which doesn't use that motto as far as we know), at a security conference. While most exhibitors were busily preserving or encrypting data one way or another, Garner was not only destroying data but delighting in it. And yes, they've really been doing this since 1959; they started out degaussing broadcast cartridges so broadcasters could re-use them without worrying about old cue tones creeping into new recordings. Now, you might ask, "Instead of spending $9,000 or more to render hard drives useless, couldn't you just use a $24 sledge hammer? And have the fun of destroying something physical as a free bonus?" Yes, you could. You'd get healthy exercise as well, and if you only wanted to destroy the data on the hard drives, so what? New drives are cheap these days. But some government agencies and financial institutions require degaussing before the physical destruction (and Garner has machines that do physical destruction, too -- which is how they deal with SSDs). Garner Products President Ron Stofan says in the interview that their destruction process is more certain than shooting a hard drive with a .45. But neither he nor Tim demonstrated a shooting vs. degaussing test for us, so we remain skeptical.

Tim: Ron, first could you introduce yourself, your title and your company.

Ron: Sure. My name is Ron Stofan, I am President of Garner Products Inc. We are manufacturers of degaussing and destruction equipment for hard drives.

Tim: Okay. Now how did you get into the business of destroying data?

Ron: Destroying data started in 1959. My father started the company to erase broadcast cartridges. They erased a few tons of broadcast cartridges. And that started off in the audio industry. Then that transferred up to the video industry, when the video tapes started coming into play up through the video cassettes and then finally into the diskette market. We are erasing all the diskettes for Dysan in the factories so far. And then hard drives came, and people needed a way to destroy data permanently off a hard drive.

Tim: So in a way, you are doing the opposite of what a lot of companies here are doing, which is basically preserving and hiding data.

Ron: Absolutely. Yes. Our main goal is to destroy data to make sure that it is not recoverable in any means either today or into the future.

Tim: Let’s take a look at some of the products that you’ve got that actually go about doing that destruction. Can you walk us through your line a little bit?

Ron: Certainly. This is our entry level degausser. It is our model HD2 degausser. It is a simple operation. You simply place the hard drive into the drawer, close the drawer and the degaussing process automatically starts. It takes about 45 seconds for this to fully erase the hard drive. Right now it executes charging of _____1:33 capacitors, when it is charged it will release all that energy through a coil which the hard drive is sitting in between or inside of, and there is a very strong magnetic field which erases or demagnetizes all of the data patterns on the disk platters inside the hard drive.

Tim: Now unlike the case with audiotape when you destroy the data on the hard drive, you’ve also rendered the drive itself inoperable; is that right?

Ron: That’s correct. So when we erase the data, we are also erasing the server tracks often known as timing tracks on the disk platters themselves. Those are inherent to have the function of the hard drive. So as we erase those magnetic data patterns, that renders the hard drive completely useless. In addition, the amount of field strength going through the hard drive itself is blowing _____2:25 up the read/write heads, it is also demagnetizing the magnets in the motor and the server drive itself.

Tim: Could you say that again? What are the numbers of the surge that is going through that drive?

Ron: On the HD2, it is approximately 9000 gauss or oersteds, these are two similar readings when measured in air. And it is similar to an MRI machine except it is in a small package. And the coil is configured in such a way and shielded in such a way that you can place a floppy disk on top of the degausser and it will not erase the disk. Keeping in mind the coercivity level which is a measurement of how strong the magnetic fields are on the hard disk platter, it is somewhere between 5000. The floppy disks are about 450 to 500 oersted. VHS tape is about 900. So you can see how a metal particle tape is about 1500 to 3000.

Tim: And this box is in a nice strong enclosure, does that mean that if a floppy is not protected that anything outside the field is pretty low shield as well?

Ron: That’s right. Anything I am standing inside, outside the environment everything is shielded, it is very much focused inside. We need all the power to be focused on the internal and this field chassis with some aluminum components inside is very much focused inside.

Tim: And this being your entry level machine, who is it sold to?

Ron: This will go to users that don’t have a high data volume, probably under 100 hard drives a month.

Tim: And in the end does the hard drive itself look any different?

Ron: No.

Tim: How do we know that it has been erased? Just stick it into a machine?

Ron: Yeah. The hard drive is definitely nonfunctional afterwards. It looks physically unchanged. So this hard drive has been erased probably about 50 or 60 times; internally though under a magnetic microscope you can actually see the data patterns on that. It could be imaged. And there would not be any data patterns. You can actually get a magnetic film or disk or liquid that could actually expose those domains.

Tim: Can we take a look up the product line there? Your bigger devices there.

Ron: Certainly. Here we go. So here we have our model HD3. This is our high production degausser. This has about 9500 to 10,000 gauss or about 1 tesla and it is our high production degausser. It is simple operation. Simply drop the hard drive into the slot that initiates the capacitor and degaussing cycle to start. It is going to take about 9 seconds to just erase the hard drive. It is now verifying that the magnetic field was sufficient to erase that information, and when it does, it drops out the back. So on all of our products, each and every erase is verified after each magnetic field has gone off.

Tim: And again what does this machine cost? And who would buy it?

Ron: This machine here is $8975. It is purchased by banks, hospitals, government institutions, states, and as you can imagine the uses of hard drives is pretty much unlimited.

Tim: So that is for higher volume?

Ron: Higher volume. Data centersand that sort of thing.

Tim: Alright. And what’s next?

Ron: I’m sorry.

Tim: And what’s next?

Ron: Next we have our TS1 degausser. This has been evaluated, this is on the NSA evaluated products list. What that means is it has been tested and has passed the stringent tests for the National Security Agency to erase top secret data. So this would be more missile codes, any of the top secret data that the government would have. Many banks, institutions, and corporations also follow the guidelines that the NSA and DOD do follow because they do have information from these facilities, and so some require this type of degausser. Again this degausser is like the HD2 in that it is a drawer operation, simply place it in, close the door, and hit the erase button.

Tim: Now it is still really sending a huge flux through the data platform. What else does this do differently that would satisfy the NSA that it is actually more secure?

Ron: This has about twice the amount of field or 20000 gauss compared to the 8000 or 9000 gauss that the HD2 has. And what this does is the government required a larger margin of error. So they are looking at different items or consequences such as manufacturing differences in the hard drive, manufacturing differences in the degausser itself, power fluctuations, temperature fluctuations, and so they take all those variables into account and they come up with their guidelines or the numbers that they need and hence you need a bigger unit and stronger.

Tim: And they must be willing to pay a higher price too?

Ron: Absolutely.

Tim: What does this run?

Ron: This is $19975.

Tim: And I imagine it comes with some kind of a vehicle to move it?

Ron: No. It doesn’t come with a vehicle to move it. So we do have it comes in a carrying case, so these are transportable cases here on the sides, so that’s actually one of the cases that these will travel in. So you could take this from place to place. In addition, we have side handles that slip out for easy maneuverability. So there are two handles on each side that slide out.

Tim: So right now, lot of data is moving to solid state, I know you’ve got a machine that can work with that as well, can you demonstrate that?

Ron: Certainly. So this is our new model PD5. It is a hard drive and solid state destruction device. So first of all, I will demonstrate the destruction of hard drives. Let me grab two hard drives here. So it is really to do two hard drives at a time, it takes about 20 seconds to destroy two hard drives. Simply place them in, close the door, and hit the destroy button. That is putting over 20,000 lbs. of force through it to break the hard drives.

Tim: So you can’t just send that to one of the data recovery companies that is listed on the back of PC World?

Ron: No. No. And for some companies, this is sufficient for destruction. Other companies, this is a secondary operation after degaussing since degaussing actually gets rid of the information, destruction simply breaks it and makes it nonfunctional. And then for solid state devices, what we have is we have our new SSD destroyer which is an attachment that goes in, or an accessory that goes in to the PD5. So you simply slide that in, basically it is like a bed and ceiling of nails, it will go in and it will penetrate through the solid state device, through the PC boards and it erases and destroys all of the platters on it, here is a simulated solid state drive, and you simply place that in between the chambers, close the door, and no more data. And what is important these days is there are some hybrid drives as well so there are some magnetic drives, something that has a still rotational media that needs a degaussing, and then there is a portion on the board that actually still has memory and stores data even when it is apart. So this is the end result.

Tim: Can you turn that around a little bit in your hands?

Ron: Here we go.

Tim: Now it is pretty thorough.

Ron: It is completely thorough and we have had it tested by data recovery companies and also looked at by government agencies and they have all agreed that once the package the chips are pierced in this pattern and that closed tolerance that it is completely unrecoverable.

Tim: And what else have people done to destroy drives? I mean there are machines that you are selling. What are the alternatives if you want to get rid of data permanently?

Ron: The beautiful thing about this is it is a simple process anybody can use. We have people come in to our shows, so we do government shows, we do industry business shows like this, and some people come and say, oh we hit it with a hammer, they drill holes in it, or they shoot it with their gun. We had a customer at this show, came in with his laptop, showed us a picture of his hard drive that he shot with his 45 and he was surprised to see that the 45 didn’t go all the way through the hard drive; it was actually stuck in the data platters. We had one lady at a show in Washington, DC, who came to the show on a Tuesday, and she asked if she could bring her hard drive from home the following day; we said sure. So we put in, we degaussed it, on a TS1 then we put it into our PD5 and the next thing we knew there was water coming out of the bottom of our product. And she said oh don’t worry about that. We were all wondering where this water is coming from. And her security was to put her hard drive in the sink, fill the hard drive up with water, and then stick it in the freezer. So she had just recently taken it out of the freezer; by the time she got here, and we cracked it open and all the water came out. So people would do many different things to protect their data.

Tim: Anything else I should be talking about with you about it?

Ron: I think that should do it. Just make sure you don’t send your hard drives back when they break; these work on as opposed to overwriting which is not approved by the National Security Agency for top secret data. So just make sure you protect your data.

I bet lots of companies throwing out old hardware who are worried about data leakage could actually find use for their old drives in-house. Hell, just keep them in a closet somewhere until one of your in-use drives go bad (and they will).

And if you are buying your computers from a standard manufacturer, they cost the same as the TB drives. Might as well get the bigger drives.

As a bonus, a really enterprising sysadmin will use the (aggregate) empty desktop disk space as a de-centralized near-term backup solution. Mind you, it should never replace tapes, snapshots, etc, but...

If you can park encrypted copies of critical data around redundantly on every desktop, deny the use of that space to the desktop user, and do it in a way that's automated? Sweet. Why do it? Because you could possibly recover lost data much faster than calling your offsite provider and waiting for a tape to arrive. It also serves as a last-ditch, everything-else-has-failed means of recovering whatever data it is that you deposited there. You;d have to set up some sort of RAID-like redundancy, and a means to automatically update that data on a semi-regular basis, but damn if it wouldn't work. As a bonus, you can put that disk space to legitimate use, instead of watching it get filled up with cat pictures and web cached files from facebook. If each desktop has a TB of drive, you could slash it to 300GB for the desktop user, and take 600GB+ (mind the overhead) from each desktop for company use. Even with only, say, 40 desktops? You could get up an easy 12 TB of aggregate storage with a RAID1-like redundancy - maybe 6 TB if you had 4 copies of each chunk of data, which is still nothing to sneeze at (especially if you've priced SAN shelving as a near-line backup depot...)

(...though if you were a true BOFH, you could do the same thing, say it's for company data, then use it for your own personal stash or whatever...)

As a bonus, a really enterprising sysadmin will use the (aggregate) empty desktop disk space as a de-centralized near-term backup solution. Mind you, it should never replace tapes, snapshots, etc, but...

If you can park encrypted copies of critical data around redundantly on every desktop, deny the use of that space to the desktop user, and do it in a way that's automated? Sweet.

Many years ago, a company named "Mangosoft" had a product named "Medley" [mangosoft.com] which would do this.. Each user would allocate a certain amount of their disk drive to the "Medley" drive, and all of the users (up to 25 max) would share a really big drive together. Earlier versions of this technology worked by basically keeping two copies of every file, and moving a copy to the local drive of the last user who accessed it. If a machine holding a file went down (power, etc.) then the list of files it held would be pushed around from other working machines to always ensure duplicates are still around.

Most of those legacy hard drives everybody always think can be re used are actually far lower RPM IDE hard drives. I'd be delighted to give one to somebody I don't like, but I think you get my point, they're not re-usable due to extremely poor performance.

No. RPM hasn't changed much. I've seen 15KRPM drives that are as old as I am, and I've seen 5400RPM drives that came out yesterday.

What does change is data density, which does affect sequential read/write speeds (and to a much lesser extent random). So a modern desktop 7200RPM drive can have similar performance to a 10,000RPM server drive from 2004 (date pulled OOMA, use loosely).

But lower RPM coupled with an IDE interface should eliminate ANY consideration on re-using the drives I'm referring to.

RPM has to do with how fast a hard drive can retrieve data (access times) so that's where the data density would come in, if I'm retrieving more data per rotation, say 2x (theoretical) more, suddenly 7200rpm looks more like 14400RPM, which obviously > 10k SAS.

I've done this before in an old 'server' I was re-using. As is typical this had been laying around in the server room for 7 or 8 years even after it had been replaced (once upon a time it ran WinNT). My company at the time gave me no budget and said they wanted our website (which not even 500 people a year ever looked at) moved inhouse. So I repurposed this guy and seeing as how the enclosure was designed to hold a dozen or so drive I stuffed it full of old 40 GB drives I'd pulled from desktops and set up a RAID 5 arrangement with 10 of them. Was never really any reason not to do it. It made an ok little linux webserver running a CLI environment for remote access.

If it's old, then it's out of warranty. Yeah, I get the whole e-waste thing, and I'm sure it pains people to see a pallet of otherwise good 1TB drives headed off to be shredded into chips.. but remember they are 3-4 years old and having one go bad while is a far bigger PITA in terms of lost productivity, lost data, etc. than it is to just buy a new one for $100 and pay $1 for the old one to get securely scrapped.

Not to DoD standards. Several (usually 3-7 passes with/dev/random (or/dev/urandom) followed by/dev/zero will erase data well enough for any standard out there other than those that specifically require physical destruction, though.

My experience has been that they recommend it just because they can. I have dealt with this in the past in consultation with the risk management teams of various financial industry clients of ours. The first couple of times they asked me to do 7 pass zeroing on multiple terabytes of data, I tried to push back on it. Not a single one of them could produce any proof that a single pass was insufficient to render the data unreadable. Yet they all insist that it must be done to DoD standard, 7 pass wipe. It

Not to mention that the 'DoD Standard' is a myth. They actually have different erase and destroy requirements depending on the media type, but none of them require 7 times over write, since that is just a waste of time. The worst iIknow of is a 3 times overwrite if you want to re-use magnetic media at the same (or higher) classification level.

Back in the 80s I ran a computer center that handled classified data, and we used DEC RM05 removable-disk-pack drives on a VAX. The AR380-380 regs for declassifying storage media gave us a few choices

- Degaussing with NSA-certified Big Magnets (not in MY computer lab, where I still have disks I want to keep!)

- NSA-certified software. The big deal isn't just overwriting it 3-7 times to prevent the KGB from using electron microscopes on it, it's making sure that you've really erased all the data, including the spare and bad blocks remapped by the disk controllers, and if you only had one disk drive in the machine, the software needed to be able to keep running from RAM even after you'd erased the operating system including the files for your disk-wiping commands. (Too much paperwork required.)

- Physical destruction. Why, yes, we're a large company with a machine shop down in the basement, and they have Sandblasters! Win!

I was no longer sysadmin by the time they closed the classified processing system. My successor got to disassemble the dozen or so disk packs we had and take them down to the machine shop for sandblasting.

Remember how ever sysadmin in the 80s used to have a disk on their wall with decorative scratches on it from a head crash? Hers was pure shiny metal.

The theory regarding how data could be recovered from a zeroed drive seems sound enough, namely that by measuring the difference between the analog signal captured directly from the head before it is converted to a digital signal, and then taking the difference between it and the digital signal, one can determine what the previous state was for each of those bits. And it also stands to reason that the various intelligence agencies who are purported to possess such capabilities would not be forthcoming in revealing their ability to do so.

That said, regardless of whether the technology exists or not, people who advocate 7-pass and 35-pass overwrites are just wasting their time, since even the author of the paper that proposed the 35-pass method acknowledged that only a subset of those passes are necessary for any particular drive, and that with modern drives a simple series of random rewrites would be more than sufficient. He even referred to the way that many people were using his technique as "a kind of voodoo incantation" [wikipedia.org].

Do you have evidence that any of the failed SHA-3 candidates are crackable? Because security is about a whole lot more than "addressing confirmed threats".

Magnetic domains remain on overwritten harddrives, this is indisputable. The only question is whether anyone has the capability to recover data from them; but assuming "nah, its too difficult" seems to be making a whole lot of assumptions about tomorrow's technology.

I would suspect that anyone with a sufficiently good enough data recovery system can probably read the bits that have been zeroed. Since you're changing everything to the same state, it doesn't seem at all unlikely that reading small fluctuations in those "zero's" would be possible.

But you still need some way of knowing what the difference between a valid zero and the residual print-through is - and that difference is *tiny*.

Furthermore, drives haven't written 1s and 0s since the very earliest days of IDE, over 20 years ago. Now they use something similar to QAM so rather than trying to pick out the traces of 1010101010 from underneath 0000000000, you're trying to pick out 1758923065 from underneath 8959205253 - if you see what I mean.

I can say this though, if I worked in a data center, and had the job of wiping old drives being taken out of commission, I would definitely ask my company to buy one of those systems to save me the time and aggravation of doing it some other way.

People who use these services justify the cost because they get a certificate.

In all honesty though, you're completely right, that whole industry is one giant scare scam.

It's supposedly possible in a lab environment to try and recover deleted data off a wiped drive by comparing the digital and analog signal differentials I believe... but if the NSA has interest in you, that's the least of your problems.

My preference is to use OP's unix command, except I tend to like to use/dev/urandom instead and then put

Non-criminal is the tricky part. Much of what one group orders done BECOMES criminal when political circumstance changes. As this happens quite often it being its all three sides if they just agree to destroy everything all the time.

There are two basic threat models here - the DriveSavers level and the KGB level. dd will overwrite most of the bits on your drive, but remember that modern hard drives don't actually let you write physical blocks on the drive; the disk controllers remap requests, replace bad blocks with spares, move stuff around, hide stuff in hidden partitions like the Host Protected Area that standard Linux tools can't access, etc. Commercial data recovery companies like DriveSavers aren't going to find much after a dd

Won't work on an SSD. You have no idea what the controller is doing behind the scenes. There is capacity on the SSD that is completely and utterly inaccessible to the host. When you write 256 GB of zeros to your 256 GB SSD, you've probably got 16 or 32 GB the controller hasn't told you about, with data you know nothing about. You have to issue the ATA SECURE ERASE command, and even then you'll have no idea if the controller actually respected it and wiped everything.

For SSDs there are two reliable options.

1: Encrypt everything in software so the key nor a hash of it could never possibly be stored on the drive in unencrypted form.2: Physical destruction.

their destruction process is more certain than shooting a hard drive with a.45.

Sounds like they need to have better aim and/or use more than one shot. As powerful as a.45 may seem (probably.45ACP) they really aren't that impressive. For example I have seen one of my buddies shoot an old hard drive with a 20 slug and it dented the case and platters nicely but really didn't go in and sent the drive bouncing down range. The drive had 3 aluminum platters a steel cover and aluminum case. Now granted a.45 ACP and a 20 gauge slug (about.61) aren't exactly the same but from some quick sea

It's not the energy of the round that counts, it's the energy actually spent destructively on the target. The formula for maximum destruction in this case is to have the maximum kinetic energy energy delivered to the smallest area with high efficiency. So, you don't want a 20 gauge slug. It's easily deformed, has a large impact area, and unless you have the drive held very securely would just knock it downrange. I'd use a small caliber, high speed rifle cartridge. 7mm mag or even.223 would do nicely!

We do that for systems retired from medical offices, but we give the drive a good DBAN first. THEN we disassemble it (a coworker of mine collects the magnets for some reason) and then smash the platters a few times with a hammer for funsies.

If its a laptop drive, a quick thwack with the handle of a screwdriver will result in the platters shattering in a satisfying manner. I might recommend covering the platter with paper, unless you enjoy shrapnel going every which way.

Old hard drives are one of my favorite targets. I usually take the magnets out first and then shoot them with my SKS. My only complaint is they don't dance like empty pop cans do (hit them near the top or bottom and watch them spin and jump). Once they are so full of holes you have a better chance of going through an existing one than hitting metal they go into the recycle bin as at that point what is left is just the aluminum case and coated aluminum platters as the motor has been shot off at that point.

This. I imagine the most effect means would be to degauss the drive (to meet the official terms of the contract) and then bake it well above the critical point for the magnetic media in question. Thermite satisfies that part quite well and it wouldn't be hard to make a standard setup for slagging harddrives with thermite.

They probably could also modify a pizza oven (with conveyor belt) to get a high throughput baking system.

When I was in the Navy, we had equipment to destroy classified (paper) material onboard the ship. I always wondered what the logic in equipment selection was, but there were certain approved ways of destroying classified materials based on classification. Lower levels of classification could be disposed through this garbage disposal like thing that had sea water running through it. Next level up was an JP-5 fueled incinerator, and for the highest level was a mechanical shredder that would turn paper into t

actually low level wipe sounds more useful and more impervious to an overdesigned harddrive problem(the casing in this process remains intact - I guess there's some physics involved why the hd casing couldn't protect the discs themselves while the hd electronics themselves get fried by the process).

and well, if you plop that 9k you can wipe as many drives as you want I suppose.

Coal is about $80/ton. Take about 1lb of that, light it, set a bunch of hard drives in the middle of it, put a house fan next to it... hard drives are a puddle of molten steel/plastic in about 10min and it cost you pennies. You can do the same with propane, but you'll need to build a burner and such.

And before anyone gets on their high horse about burning coal, keep in mind the little device they're using her was most likely powered by coal generated electricity.

I blacksmith. So I don't use the fancy stuff you use for heat. Sulfur content doesn't matter. Also, those of us that do old school things that require coal stick together. Often 1 guy gets 100 ton, because he's got a train (no I'm not kidding) then he'll sell the rest of us a couple of truck beds worth here and there at cost provided the next time he has a steam exhibition we help out by giving demos.

Just hand it over to any teenager - they usually destroy most things that comes anywhere near them.To guarantee swift and total destruction make sure to tell them to *please* be careful with it.And that it is fragile and expensive.

As an example, we have a couple thousand PCs that are dumped each year due to lifecycle replacement. Yes, these are perfectly good PCs that could be wiped and loaded with (whatever) and donated.. but THAT COSTS MONEY. Loosing even ONE hard drive with data on it puts us in the newspaper, hence the policy is :

No data storage device leaves intact, ever.

We have the guys in facilities run them through a giant metal bandsaw, and that's BEFORE they go to

I worked in a legal firm which specialized in e-discovery and forensics, they weren't data-recovery specialists, but they were able to pull data from slack space and previously rewritten areas. But that is besides the point. For client-privacy reasons, legal reasons, and corporate policy, they ended up with hundreds of hard drives per month that needed to be destroyed with no possible way to recover the data. A $24 sledgehammer is certainly a cheap and fun sounding answer. But after smashing five hard drives, this stops being fun, you're making a lot of noise, and someone would need to clean up the mess. I'm sure OSHA wouldn't approve of that either.
We were in a corporate office in the middle of New York City, so smart-ass solutions like thermite; sodium hydroxide; shooting them with a.45, a shotgun, or a bazooka aren't going to fly. Because of chain of custody, you couldn't even take the hard disks into an empty field to do this.
The guy responsible for destruction started unscrewing everything, taking out the platters, then punching a hole in the platters with a screw-press. But like the sledgehammer solution, this was slow labor-intensive. I believe they ended up using a qualified HD destruction service, who would come to your office once a month, and give you metal confetti back. This of course isn't cheap. Eventually, purchasing one of these Garner devices would make economic sense.
My point is, sure, given our own devices, we can think of quick and fun ways to destroy a hard disk. But when you are limited by government and corporate rules, companies like Garner aren't just greedy, but filling a real need.

I sometimes need to destroy hard drives at work. I do it right in front of the user so they know their old data isn't going anywhere. I open the computer, pull out the drive, open the drive, get a screw driver under the disk plate and use it as a lever. The plates will either bend or shatter depending on material.

I just snap them in half. Bent one way, they will shatter, the other way, they will just bend.

This won't be useful for top secret data where someone might have a custom jig to read tracks on pieces of CD/DVD media, but for almost everyone else, tossing the shattered media into multiple piles and tossing each pile in a separate wastebin is good enough.

But it's fun. After all, we nearly kill ourselves for a living keeping all this data perfectly intact, 24x7x365.25.

There are entire companies that DESTROY SHIT FOR MONEY!!

One day you you can be fired for losing A file... The next these guys get to have the fun tearing ALL THE FILES to shreds. Let that settle in your mind and embrace the Stone of Sisyphus we push up the hill every day.

Those fills of random bits work real well when the drive fails and can no longer be accessed.... A motivated entity could possibly recover the bits still on chip/disc, its up to the organization to decide how to dispose of the drive and if its worth their/their clients' interest in making sure the data is not recoverable. I wouldn't want my bank to simply toss a bad drive out in the normal garbage....
-T